package com.sap.smp.client.android.federationprovider;

import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Handler;
import android.os.Looper;
import com.bumptech.glide.load.Key;
import com.sap.smp.client.android.certificateprovider.CertificateProvider;
import com.sap.smp.client.android.certificateprovider.CertificateProviderException;
import com.sap.smp.client.android.certificateprovider.CertificateProviderListener;
import com.sap.smp.client.android.certificateprovider.CertificateProviderListenerPlus;
import com.sap.smp.client.android.federation.Certificate;
import com.sap.smp.client.android.federation.Federation;
import com.sap.smp.client.android.federation.FederationErrorObject;
import com.sap.smp.client.android.federation.SSOPasscodeHelper;
import com.sap.smp.client.supportability.ClientLogDestination;
import com.sap.smp.client.supportability.ClientLogLevel;
import com.sap.smp.client.supportability.ClientLogManager;
import com.sap.smp.client.supportability.ClientLogger;
import com.sap.smp.client.supportability.Supportability;
import com.sybase.persistence.DataVault;
import com.sybase.persistence.DataVaultException;
import java.io.IOException;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import org.jdeferred.Deferred;
import org.jdeferred.DoneCallback;
import org.jdeferred.FailCallback;
import org.jdeferred.impl.DeferredObject;

/* loaded from: classes2.dex */
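/**
 * {@link CertificateProvider} that keeps a client certificate and its private key in a
 * {@link Federation}-managed data vault and can exchange it with other client apps.
 *
 * <p>The certificate is obtained either from an embedded ("child") provider, whose class name
 * is read from the application's manifest meta-data, or from another app through
 * {@link Federation#getCertificateFromClient}. It is then repackaged into an in-memory PKCS12
 * key store and written to the data vault under the user's vault PIN.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>All provider state, including the vault PIN ({@code dataVaultPin}), lives in static
 *       fields. Nothing in this class ever clears the PIN, and every instance shares it.</li>
 *   <li>The PIN is handed to {@code FederationProviderActivity} as a plain String Intent extra
 *       and is added to the parameter map passed to listeners.</li>
 *   <li>{@link #setParameters} forces the logger to DEBUG with a filesystem destination.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; several members are wider than in the original
 * (see the per-method notes), and their visibility is kept as listed.
 */
public class FederationProvider implements CertificateProvider {
    public static final String ANDROID_FEDERATION_DATAVAULT_PASS = "federation_datavault_pass";
    public static final String ANDROID_FEDERATION_EMBEDDED_CERTIFICATE_PROVIDER = "federated_certificate";
    static final String BUNDLE_KEY_PW = "BUNDLE_SSO_PW";
    static final String EXTRA_CALLED_FROM_FEDERATION_PROVIDER = ".calledFromFederationProvider";
    static final String EXTRA_DATA_VAULT_PIN_CODE = ".dataVaultPinCode";
    private static final String LOG_TAG = FederationProvider.class.getName();
    private static final char[] HEX_DIGITS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
    // Number of random bytes behind the generated key store password (hex-encoded to 64 chars).
    private static final int KEYSTORE_PASSWORD_BYTES = 32;
    private static String appId;
    private static CertificateProvider childProv;
    private static Context ctx;
    // NOTE(review): the vault PIN is kept in a static String for as long as the process lives;
    // no code in this class resets it, not even resetSSOPin(). Confirm this is intended.
    private static String dataVaultPin;
    private static Federation federation;
    private static ClientLogger logger;
    private static Map<Object, Object> params;
    private static DataVault.DVPasswordPolicy policy;
    private static CertificateProviderListenerPlus provListener;
    private String childProvName;

    /**
     * Parameter-map keys that {@link #setParameters} copies into the data vault password
     * policy. The constant names are used verbatim as map keys.
     */
    public enum ANDROID_FEDERATION_POLICY_DETAILS {
        expirationDays,
        hasDigits,
        hasLowerCaseLetters,
        hasSpecialLetters,
        hasUpperCaseLetters,
        defaultAllowed,
        lockTimeout,
        minLength,
        minUniqueChars,
        retryLimit
    }

    /**
     * Configuration errors reported by this provider. {@link #logAndThrow} uses the constant's
     * {@code ordinal()} as the error code, so the declaration order is part of the contract.
     */
    public enum FederationError {
        NO_PARAMS("Provider haven't got the necessary parameters. Call 'setParameters' first!"),
        INCOMPLETE_PARAMS("Incomplete configuration!"),
        NO_PROV_CLASS("Provider class isn't found!"),
        NO_PROV_INST("No provider instance!");

        private final String msg;

        FederationError(String str) {
            this.msg = str;
        }

        String msg() {
            return this.msg;
        }
    }

    /** Callback through which the download/store helpers report their outcome. */
    public static abstract class FederationProviderResponseListener {
        public abstract void onError(String str);

        public abstract void onError(String str, Throwable th);

        public abstract void onSuccess();
    }

    /**
     * Returns a new mutable map holding only the entries of {@code map} whose value implements
     * {@link Serializable}.
     *
     * <p>Entries with a {@code null} value are skipped, and a {@code null} input yields an
     * empty map; the original dereferenced both and failed with a NullPointerException.
     * The decompiler widened this method from private.
     *
     * @param map source parameters, may be {@code null}
     * @return a fresh {@link HashMap}; callers add the vault PIN to it afterwards
     */
    public static Map<Object, Object> createProviderParams(Map<Object, Object> map) {
        Map<Object, Object> serializableOnly = new HashMap<Object, Object>();
        if (map == null) {
            return serializableOnly;
        }
        for (Map.Entry<Object, Object> entry : map.entrySet()) {
            // instanceof is null-safe, so a null value is filtered out rather than dereferenced.
            if (entry.getValue() instanceof Serializable) {
                serializableOnly.put(entry.getKey(), entry.getValue());
            }
        }
        return serializableOnly;
    }

    /**
     * Initializes the child provider and, on each of its success callbacks, moves its stored
     * certificate into the data vault before notifying the outer listeners.
     *
     * <p>NOTE(review): every success callback deletes the child's stored certificate before
     * {@link #storeCertificate} runs, and then calls {@code onSuccess()} without checking
     * whether the store step reported an error. A failed store therefore leaves the
     * certificate in neither place while still signalling success. Confirm and tighten.
     *
     * @param certificateProviderListener outer listener to forward results to
     * @param str vault PIN used to store the certificate
     * @param federationProviderResponseListener receives success or error
     * @throws CertificateProviderException propagated from the child provider's initialize()
     */
    private static void downloadCertificate(final CertificateProviderListener certificateProviderListener, final String str, final FederationProviderResponseListener federationProviderResponseListener) throws CertificateProviderException {
        CertificateProvider certificateProvider = childProv;
        if (certificateProvider == null) {
            federationProviderResponseListener.onError(FederationError.NO_PROV_CLASS.msg());
            return;
        }
        certificateProvider.setParameters(params);
        childProv.initialize(new CertificateProviderListenerPlus() {
            @Override
            public void initializationComplete() {
                X509KeyManager storedCertificate = FederationProvider.childProv.getStoredCertificate();
                FederationProvider.childProv.deleteStoredCertificate();
                FederationProvider.storeCertificate(str, storedCertificate, true, federationProviderResponseListener);
                if (!(certificateProviderListener instanceof CertificateProviderListenerPlus)) {
                    federationProviderResponseListener.onSuccess();
                    certificateProviderListener.initializationComplete();
                } else {
                    Map<Object, Object> createProviderParams = FederationProvider.createProviderParams(FederationProvider.params);
                    // The vault PIN travels to the listener inside the parameter map.
                    createProviderParams.put(FederationProvider.ANDROID_FEDERATION_DATAVAULT_PASS, str);
                    federationProviderResponseListener.onSuccess();
                    ((CertificateProviderListenerPlus) certificateProviderListener).initializationComplete(createProviderParams);
                }
            }

            @Override
            public void initializationComplete(Map<Object, Object> map) {
                X509KeyManager storedCertificate = FederationProvider.childProv.getStoredCertificate();
                FederationProvider.childProv.deleteStoredCertificate();
                FederationProvider.storeCertificate(str, storedCertificate, true, federationProviderResponseListener);
                if (!(certificateProviderListener instanceof CertificateProviderListenerPlus)) {
                    federationProviderResponseListener.onSuccess();
                    certificateProviderListener.initializationComplete();
                    return;
                }
                // Provider-level parameters override whatever the child returned.
                map.putAll(FederationProvider.params);
                Map<Object, Object> createProviderParams = FederationProvider.createProviderParams(map);
                createProviderParams.put(FederationProvider.ANDROID_FEDERATION_DATAVAULT_PASS, str);
                federationProviderResponseListener.onSuccess();
                ((CertificateProviderListenerPlus) certificateProviderListener).initializationComplete(createProviderParams);
            }

            @Override
            public void initializationFailed(int i, String str2) {
                // NOTE(review): the failure is only logged; neither listener is told, so a
                // caller waiting on this flow gets no callback. Confirm whether that is intended.
                FederationProvider.logger.logError("Embedded provider initialization failed with error code: " + i + " and message: " + str2);
            }

            @Override
            public void onGetCertificateFailure(int i, String str2) {
                certificateProviderListener.onGetCertificateFailure(i, str2);
                federationProviderResponseListener.onError(str2);
            }

            @Override
            public void onGetCertificateSuccess(X509KeyManager x509KeyManager) {
                X509KeyManager storedCertificate = FederationProvider.childProv.getStoredCertificate();
                FederationProvider.childProv.deleteStoredCertificate();
                FederationProvider.storeCertificate(str, storedCertificate, true, federationProviderResponseListener);
                if (!(certificateProviderListener instanceof CertificateProviderListenerPlus)) {
                    federationProviderResponseListener.onSuccess();
                    certificateProviderListener.initializationComplete();
                } else {
                    Map<Object, Object> createProviderParams = FederationProvider.createProviderParams(FederationProvider.params);
                    createProviderParams.put(FederationProvider.ANDROID_FEDERATION_DATAVAULT_PASS, str);
                    // NOTE(review): unlike the two initializationComplete paths, this branch
                    // (1) re-adds every entry of params after the Serializable filter, which
                    // undoes the filter and replaces the PIN just set if params carries the
                    // same key, and (2) never calls onSuccess(). Behaviour kept as listed.
                    createProviderParams.putAll(FederationProvider.params);
                    ((CertificateProviderListenerPlus) certificateProviderListener).initializationComplete(createProviderParams);
                }
            }

            @Override
            public void showUI(Object obj) throws CertificateProviderException {
                certificateProviderListener.showUI(obj);
            }
        });
    }

    /**
     * Creates the data vault with the given PIN and then fetches the certificate, either from
     * another app ({@code z == true}) or from the child provider.
     *
     * <p>The decompiler widened this method to public; it was package-private.
     *
     * <p>NOTE(review): a {@link CertificateProviderException} is only logged here, while a
     * {@link DataVaultException} is also reported to the response listener. Confirm whether
     * the first case is already reported through the listener callbacks.
     *
     * @param str vault PIN; it is also stored in the static {@code dataVaultPin} field
     * @param z {@code true} to request the certificate from another app
     * @param federationProviderResponseListener receives success or error
     */
    public static void downloadCertificate(String str, boolean z, FederationProviderResponseListener federationProviderResponseListener) {
        dataVaultPin = str;
        try {
            FederationProviderActivity.clearErrorMessage(ctx);
            Federation.getInstance().createDataVault(str, policy);
            if (z) {
                getCertificateFromOtherApp(str, provListener, federationProviderResponseListener);
            } else {
                downloadCertificate(provListener, str, federationProviderResponseListener);
            }
        } catch (CertificateProviderException e) {
            logger.logError(e.getLocalizedMessage(), e);
        } catch (DataVaultException e2) {
            federationProviderResponseListener.onError(e2.getLocalizedMessage(), e2);
        }
    }

    /**
     * Generates the password that protects the in-memory PKCS12 key store.
     *
     * <p>The original hashed the decimal text of a single {@code nextInt()} with SHA-256, so
     * the 64-character result could take at most 2^32 distinct values, and it fell back to an
     * empty password when an algorithm lookup failed. This version draws
     * {@value #KEYSTORE_PASSWORD_BYTES} bytes straight from the platform default
     * {@link SecureRandom}, keeps the 64-character lowercase hex format, and has no failure
     * path that produces an empty password.
     *
     * @return 64 lowercase hexadecimal characters
     */
    private static String generateRandomString() {
        byte[] secret = new byte[KEYSTORE_PASSWORD_BYTES];
        new SecureRandom().nextBytes(secret);
        return hexEncode(secret);
    }

    /**
     * Requests the certificate from another client app and, when one arrives, stores it in the
     * local data vault and notifies the listeners.
     *
     * <p>NOTE(review): when the received certificate has no key store or no password the
     * callback returns without notifying anyone. Confirm whether an error should be raised.
     *
     * @param str vault PIN
     * @param certificateProviderListener outer listener to notify on success
     * @param federationProviderResponseListener receives success or error
     */
    private static void getCertificateFromOtherApp(final String str, final CertificateProviderListener certificateProviderListener, final FederationProviderResponseListener federationProviderResponseListener) {
        federation.getCertificateFromClient(str).promise().done(new DoneCallback<Certificate>() {
            @Override
            public void onDone(Certificate certificate) {
                if (certificate.keyStore == null || certificate.password == null) {
                    return;
                }
                try {
                    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
                    keyManagerFactory.init(certificate.keyStore, certificate.password.toCharArray());
                    for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
                        if (keyManager instanceof X509KeyManager) {
                            // z == false: the certificate came from another client, so it is
                            // not pushed back out via updateCertificateInClients.
                            FederationProvider.storeCertificate(str, (X509KeyManager) keyManager, false, federationProviderResponseListener);
                            if (certificateProviderListener instanceof CertificateProviderListenerPlus) {
                                Map<Object, Object> createProviderParams = FederationProvider.createProviderParams(FederationProvider.params);
                                createProviderParams.put(FederationProvider.ANDROID_FEDERATION_DATAVAULT_PASS, str);
                                federationProviderResponseListener.onSuccess();
                                ((CertificateProviderListenerPlus) certificateProviderListener).initializationComplete(createProviderParams);
                            } else {
                                federationProviderResponseListener.onSuccess();
                                certificateProviderListener.initializationComplete();
                            }
                        }
                    }
                } catch (KeyStoreException e) {
                    FederationProvider.reportFailure(e, federationProviderResponseListener);
                } catch (NoSuchAlgorithmException e2) {
                    FederationProvider.reportFailure(e2, federationProviderResponseListener);
                } catch (UnrecoverableKeyException e3) {
                    FederationProvider.reportFailure(e3, federationProviderResponseListener);
                }
            }
        }).fail(new FailCallback<FederationErrorObject>() {
            @Override
            public void onFail(FederationErrorObject federationErrorObject) {
                // The listing had "FederationProviderResponseListener.this", a decompiler
                // artifact that does not compile; the captured final parameter is what is meant.
                federationProviderResponseListener.onError(federationErrorObject.getErrorMessage());
            }
        });
    }

    /**
     * Encodes bytes as lowercase hexadecimal, two characters per byte.
     *
     * @param bArr bytes to encode
     * @return hex string of length {@code 2 * bArr.length}
     */
    private static String hexEncode(byte[] bArr) {
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            sb.append(HEX_DIGITS[(b & 0xF0) >> 4]);
            sb.append(HEX_DIGITS[b & 0x0F]);
        }
        return sb.toString();
    }

    /** Logs {@code e} and forwards its localized message and the exception to the listener. */
    private static void reportFailure(Exception e, FederationProviderResponseListener federationProviderResponseListener) {
        logger.logError(e.getLocalizedMessage(), e);
        federationProviderResponseListener.onError(e.getLocalizedMessage(), e);
    }

    /**
     * Logs the error, notifies the listener with error code 0 and always throws.
     *
     * <p>The logger is created in {@link #setParameters}; it is null-checked here so the
     * "call setParameters first" error can be raised before any configuration happened.
     *
     * @throws CertificateProviderException always, with the enum ordinal as error code
     */
    private void logAndThrow(FederationError federationError, CertificateProviderListener certificateProviderListener) throws CertificateProviderException {
        if (logger != null) {
            logger.logError(federationError.msg());
        }
        certificateProviderListener.onGetCertificateFailure(0, federationError.msg());
        throw new CertificateProviderException(federationError.ordinal(), federationError.msg());
    }

    /**
     * Deletes the local data vault and the child provider's certificate, asks the other
     * clients to delete theirs, and resolves {@code deferred} once that request completes.
     *
     * <p>The decompiler widened this method to public; it was package-private. The child
     * provider is null-checked to match {@link #deleteStoredCertificate()}.
     *
     * <p>NOTE(review): the static {@code dataVaultPin} is left untouched, so the old PIN stays
     * in memory after a reset. Confirm whether it should be cleared here.
     *
     * @param deferred resolved with {@code null} when the other clients have been handled
     */
    public static void resetSSOPin(final Deferred deferred) {
        federation.deleteDataVault();
        if (childProv != null) {
            childProv.deleteStoredCertificate();
        }
        DeferredObject deferredObject = new DeferredObject();
        deferredObject.promise().done(new DoneCallback() {
            @Override
            public void onDone(Object obj) {
                // The listing had "Deferred.this", a decompiler artifact; the captured
                // parameter is what is meant.
                deferred.resolve(null);
            }
        });
        federation.deleteCertificateInClients(deferredObject);
    }

    /**
     * Repackages the first RSA client identity of {@code x509KeyManager} into a new PKCS12 key
     * store protected by a freshly generated password, writes it to the data vault and, when
     * {@code z} is set, pushes it to the other clients.
     *
     * <p>Failures are reported through the listener; nothing is thrown and no status is
     * returned, so callers cannot tell from the call itself whether the store succeeded. A
     * {@code null} key manager is ignored silently, as in the original. A missing alias or an
     * empty chain is now reported as an error instead of raising an unchecked exception.
     * The decompiler widened this method from private.
     *
     * @param str vault PIN
     * @param x509KeyManager source of the alias, chain and private key; may be {@code null}
     * @param z {@code true} to also update the certificate in the other clients
     * @param federationProviderResponseListener receives errors
     */
    public static void storeCertificate(String str, X509KeyManager x509KeyManager, boolean z, FederationProviderResponseListener federationProviderResponseListener) {
        if (x509KeyManager == null) {
            return;
        }
        // getClientAliases returns null when no alias matches the key type.
        String[] aliases = x509KeyManager.getClientAliases("RSA", null);
        if (aliases == null || aliases.length == 0) {
            String message = "No RSA client certificate alias available to store";
            logger.logError(message);
            federationProviderResponseListener.onError(message);
            return;
        }
        String alias = aliases[0];
        X509Certificate[] certificateChain = x509KeyManager.getCertificateChain(alias);
        PrivateKey privateKey = x509KeyManager.getPrivateKey(alias);
        if (certificateChain == null || certificateChain.length == 0) {
            String message = "No certificate chain available for the client alias";
            logger.logError(message);
            federationProviderResponseListener.onError(message);
            return;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            String keyStorePassword = generateRandomString();
            char[] keyStorePasswordChars = keyStorePassword.toCharArray();
            keyStore.load(null, keyStorePasswordChars);
            // Same alias for both entries, in the original order: the key entry is set last.
            keyStore.setCertificateEntry(alias, certificateChain[0]);
            keyStore.setKeyEntry(alias, privateKey, keyStorePasswordChars, certificateChain);
            // The password is stored next to the key store inside the Certificate object.
            Certificate certificate = new Certificate(keyStore, keyStorePassword);
            federation.storeCertificateInDataVault(str, certificate);
            if (z) {
                federation.updateCertificateInClients(str, certificate);
            }
        } catch (DataVaultException e) {
            reportFailure(e, federationProviderResponseListener);
        } catch (IOException e2) {
            reportFailure(e2, federationProviderResponseListener);
        } catch (KeyStoreException e3) {
            reportFailure(e3, federationProviderResponseListener);
        } catch (NoSuchAlgorithmException e4) {
            reportFailure(e4, federationProviderResponseListener);
        } catch (CertificateException e5) {
            reportFailure(e5, federationProviderResponseListener);
        }
    }

    /** Deletes the data vault and, if a child provider is configured, its stored certificate. */
    @Override
    public void deleteStoredCertificate() {
        federation.deleteDataVault();
        CertificateProvider certificateProvider = childProv;
        if (certificateProvider != null) {
            certificateProvider.deleteStoredCertificate();
        }
    }

    /**
     * Reports the stored certificate through {@code onGetCertificateSuccess}; the value passed
     * is {@code null} when {@link #getStoredCertificate()} finds nothing.
     */
    @Override
    public void getCertificate(CertificateProviderListener certificateProviderListener) {
        certificateProviderListener.onGetCertificateSuccess(getStoredCertificate());
    }

    /**
     * Loads the certificate from the data vault with the static PIN and wraps it in a key
     * manager.
     *
     * @return the last {@link X509KeyManager} produced for the stored key store, or
     *         {@code null} when nothing is stored or the key store cannot be opened (the
     *         cause is logged)
     */
    @Override
    public X509KeyManager getStoredCertificate() {
        Certificate certificateFromDataVault = federation.getCertificateFromDataVault(dataVaultPin);
        X509KeyManager x509KeyManager = null;
        if (certificateFromDataVault != null && certificateFromDataVault.keyStore != null && certificateFromDataVault.password != null) {
            try {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
                keyManagerFactory.init(certificateFromDataVault.keyStore, certificateFromDataVault.password.toCharArray());
                for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
                    if (keyManager instanceof X509KeyManager) {
                        x509KeyManager = (X509KeyManager) keyManager;
                    }
                }
            } catch (KeyStoreException e) {
                logger.logError(e.getLocalizedMessage(), e);
            } catch (NoSuchAlgorithmException e2) {
                logger.logError(e2.getLocalizedMessage(), e2);
            } catch (UnrecoverableKeyException e3) {
                logger.logError(e3.getLocalizedMessage(), e3);
            }
        }
        return x509KeyManager;
    }

    /**
     * Starts the provider: completes immediately on a background thread when a data vault
     * already exists, otherwise validates the configuration and opens the PIN activity on the
     * main thread.
     *
     * <p>A listener that is not a {@link CertificateProviderListenerPlus} is ignored without
     * any callback, as in the original. {@code federation} is null-checked so that a call made
     * before {@link #setParameters} reaches the NO_PARAMS error instead of failing on a null
     * reference.
     *
     * @throws CertificateProviderException when parameters are missing or incomplete
     */
    @Override
    public void initialize(final CertificateProviderListener certificateProviderListener) throws CertificateProviderException {
        if (!(certificateProviderListener instanceof CertificateProviderListenerPlus)) {
            return;
        }
        provListener = (CertificateProviderListenerPlus) certificateProviderListener;
        if (federation != null && federation.isDataVaultExists()) {
            new Thread(new Runnable() {
                @Override
                public void run() {
                    certificateProviderListener.initializationComplete();
                }
            }).start();
            return;
        }
        // logAndThrow always throws, so execution continues only with a complete configuration.
        if (params == null) {
            logAndThrow(FederationError.NO_PARAMS, certificateProviderListener);
        } else if (appId == null || appId.length() == 0 || ctx == null || childProv == null) {
            logAndThrow(FederationError.INCOMPLETE_PARAMS, certificateProviderListener);
        }
        if (Looper.myLooper() != Looper.getMainLooper()) {
            new Handler(Looper.getMainLooper()).post(new Runnable() {
                @Override
                public void run() {
                    FederationProvider.launchPinActivity();
                }
            });
            return;
        }
        launchPinActivity();
    }

    /**
     * Opens {@code FederationProviderActivity} with an explicit Intent.
     *
     * <p>NOTE(review): when a PIN is already known it is attached as a plain String extra.
     * The Intent names the activity class explicitly, so it is addressed to this app's own
     * component, but the PIN still ends up in a second String copy held by the Intent.
     */
    private static void launchPinActivity() {
        Intent intent = new Intent(ctx, (Class<?>) FederationProviderActivity.class);
        intent.putExtra(EXTRA_CALLED_FROM_FEDERATION_PROVIDER, true);
        String pin = dataVaultPin;
        if (pin != null) {
            intent.putExtra(EXTRA_DATA_VAULT_PIN_CODE, pin);
        }
        ctx.startActivity(intent);
    }

    /**
     * Reads the configuration from {@code map}, derives the vault password policy, sets up
     * logging and instantiates the child provider named in the manifest meta-data.
     *
     * <p>A {@code null} map is ignored. Almost everything read here is written to static
     * fields, so the last caller's configuration applies to every instance.
     *
     * @param map provider parameters; kept by reference in the static {@code params} field
     */
    @Override
    public void setParameters(Map<Object, Object> map) {
        if (map == null) {
            return;
        }
        ctx = (Context) map.get(CertificateProvider.ANDROID_CONTEXT_KEY);
        appId = (String) map.get("appID");
        this.childProvName = (String) map.get(ANDROID_FEDERATION_EMBEDDED_CERTIFICATE_PROVIDER);
        dataVaultPin = (String) map.get(ANDROID_FEDERATION_DATAVAULT_PASS);
        federation = Federation.getInstance();
        federation.init(ctx);
        params = map;
        // Left as a raw HashMap because the parameter type of setPasswordPolicy is not
        // visible in this listing.
        HashMap hashMap = new HashMap();
        for (ANDROID_FEDERATION_POLICY_DETAILS policyDetail : ANDROID_FEDERATION_POLICY_DETAILS.values()) {
            if (map.containsKey(policyDetail.name())) {
                Object obj = map.get(policyDetail.name());
                // Only String, Integer and Boolean values are accepted; all are stored as text.
                if (obj instanceof String) {
                    hashMap.put(policyDetail.name(), (String) obj);
                } else if ((obj instanceof Integer) || (obj instanceof Boolean)) {
                    hashMap.put(policyDetail.name(), String.valueOf(obj));
                }
            }
        }
        if (hashMap.isEmpty()) {
            // No policy keys supplied: the vault is created with a null policy.
            policy = null;
        } else {
            SSOPasscodeHelper.setPasswordPolicy(hashMap);
            policy = SSOPasscodeHelper.getEffectiveDVPasswordPolicy();
        }
        ClientLogManager clientLogManager = Supportability.getInstance().getClientLogManager(ctx);
        logger = clientLogManager.getLogger(LOG_TAG);
        // NOTE(review): the level is forced to DEBUG with a filesystem destination on every
        // call. Confirm this is acceptable for release builds of a component handling a PIN.
        clientLogManager.setLogLevel(ClientLogLevel.DEBUG, LOG_TAG);
        clientLogManager.setLogDestination(EnumSet.of(ClientLogDestination.FILESYSTEM, ClientLogDestination.CONSOLE), LOG_TAG);
        if (this.childProvName == null) {
            return;
        }
        try {
            // 128 is PackageManager.GET_META_DATA. The class name comes from this app's own
            // manifest meta-data, so it is fixed by whoever builds the APK.
            // NOTE(review): metaData itself is presumably null when the manifest declares
            // no meta-data at all; that case is still unguarded.
            String childClassName = ctx.getPackageManager().getApplicationInfo(ctx.getPackageName(), 128).metaData.getString(this.childProvName);
            if (childClassName == null) {
                // Without this check Class.forName(null) fails with a NullPointerException.
                logger.logError(FederationError.NO_PROV_CLASS.msg());
                return;
            }
            childProv = (CertificateProvider) Class.forName(childClassName).newInstance();
            childProv.setParameters(map);
        } catch (PackageManager.NameNotFoundException e) {
            logger.logError(e.getLocalizedMessage(), e);
        } catch (ClassNotFoundException unused) {
            logger.logError(FederationError.NO_PROV_CLASS.msg());
        } catch (IllegalAccessException unused2) {
            logger.logError(FederationError.NO_PROV_INST.msg());
        } catch (InstantiationException unused3) {
            logger.logError(FederationError.NO_PROV_INST.msg());
        }
    }
}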
